package com.security.wxlogin.conf;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * @Classname WebSecurityConf
 * @Description web 安全配置
 * @Date 2020/4/21 0021 12:22
 * @Created by 埔枘
 */
@EnableWebSecurity
public class WebSecurityConf extends WebSecurityConfigurerAdapter {



    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.headers().frameOptions().disable();
        http.csrf().disable()//禁用 csrf,防止 post 请求 被拒绝
                .authorizeRequests()
                .antMatchers("/index").hasAuthority("USER")
                .and()
                // 此处的 /login 指的是 controller 里面定义的
                .formLogin().loginPage("/login").defaultSuccessUrl("/index")
                .and()
                // 此处的 /login 指的是 controller 里面定义的
                .logout().logoutUrl("/logout").logoutSuccessUrl("/login");
        http.addFilterAt(customFromLoginFilter(), UsernamePasswordAuthenticationFilter.class);

    }


    /**
     * 自定义认证过滤器
     */
    private WXAuthenticationLoginFilter customFromLoginFilter() throws Exception {
        // 此处的 /customlogin 指的是 表单提交的路径
        WXAuthenticationLoginFilter wxAuthenticationLoginFilter = new WXAuthenticationLoginFilter("/redirectLogin");
        wxAuthenticationLoginFilter.setAuthenticationFailureHandler(initAuthenticationFailureHandler());
//        wxAuthenticationLoginFilter.setAuthenticationSuccessHandler(initAuthenticationSuccessHandler());
        wxAuthenticationLoginFilter.setAuthenticationManager(new WXAuthenticationManager());
        return wxAuthenticationLoginFilter;
    }

    @Bean
    public AuthenticationFailureHandler initAuthenticationFailureHandler(){
        AuthenticationFailureHandler authenticationFailureHandler = (httpServletRequest, httpServletResponse, e) -> {
            System.out.println("Failure Authentication");
            httpServletResponse.sendRedirect("/login?error");
        };
        return authenticationFailureHandler;
    }
//    @Bean
//    public AuthenticationSuccessHandler initAuthenticationSuccessHandler(){
//        AuthenticationSuccessHandler authenticationSuccessHandler = (httpServletRequest, httpServletResponse, e) -> {
//            System.out.println("Success Authentication");
//            httpServletResponse.sendRedirect("/index");
//        };
//        return authenticationSuccessHandler;
//    }

    @Bean
    public PasswordEncoder initPasswordEncoder(){
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

}
